Outsourcing technology is a ‘systemic risk’ for banks

By Paddy Smith
In the wake of the Wirecard scandal, financial institutions are being warned that outsourcing technology services to a small group of suppliers is risky...

The Financial Stability Board (FSB) has warned banks about the “possibility of systemic risk” from outsourcing to a few third-party technology companies.

In the wake of the Wirecard scandal, the FSB raised concern over a trend for financial institutions collectively to use fewer third-party technology providers. It suggests that a fault in one third party could cause financial instability.

In its discussion paper – Regulatory and Supervisory Issues Relating to Outsourcing and Third-Party Relationships – the FSB said, “A common concern... is the possibility of systemic risk arising from concentration in the provision of some outsourced and third-party services to [financial institutions]. These risks may become higher as the number of FIs receiving critical services from a given third party increases.

“Systemic risk could arise if, for instance, a sufficiently large number of FIs (or a single systemic FI) became dependent on one or a small number of outsourced or third-party service providers for the provision of critical services that were impossible or very difficult to substitute effectively and in an appropriate timeframe, for instance due to limitations in the capacity of alternative third parties or other back-up solutions.

Cloud 'resilience options’

“A major disruption, outage or failure at one of these third parties could create a single point of failure with potential adverse consequences for financial stability and/or the safety and soundness of multiple FIs. The ultimate impact would depend on the specific services being provided, the criticality and substitutability of those services, and the mitigation plans in place by FIs and the third party in question.

“Industry practice on mitigation plans is evolving rapidly and encompasses an ever-growing range of contractual, practical and technological approaches. For instance, retaining the ability to bring data or applications back on-premises in a way that ensure continuous adequate performance; creating and securing back-up copies of sensitive data, using of multiple or back-up vendors or, in the case of cloud outsourcing, using one or more resilience options.

“While mapping and understanding the system-wide effects of third-party dependencies is not a new issue, it remains an evolving area for supervisory authorities due to the heterogeneity of services provided and the changing ecosystem. Given the cross-border nature of this dependency, supervisory authorities and third parties could particularly benefit from enhanced dialogue on this issue.”

The paper also mentions that the trend towards fewer third-party technology platforms was being accelerated by the Covid-19 pandemic.

What’s it got to do with Wirecard?

Wirecard was a third-party payment processor that hit the headlines after an accounting scandal was unearthed by journalists at the Financial Times. The UK’s Financial Conduct Authority ordered Wirecard Card Solutions to cease operating pending an investigation, with the knock-on effect that millions of customers’ bank cards stopped working. The FSB paper doesn’t mention Wirecard – however, it’s exactly the sort of scenario the paper is designed to highlight.


Featured Articles

Robot dining staff on call to help care in the community

Robots are ready to serve seniors as retirement communities struggle with staff shortages, and a new report says pensioners appreciate a metal maître d

BlackBerry drives its QNX technology to the cloud with AWS

BlackBerry has expanded its work with Amazon Web Services, which will see the Canadian security company’s embedded systems and AI available in the cloud

6G: Predictions for the network of the future

With cloud-based technology enabling higher speeds and microsecond latency, experts predict 6G will transform the world. The next generation is coming

Blockchain in space could take tokens and NFTs into orbit

Digital Transformation

ICYMI: Top 10 DevSecOps tools and cut-price animal robots

Digital Transformation

Altered Egos: Digital twins hold up a mirror for machines

Digital Transformation